possible DNS Problem

Many thanks in advance
Have a strange problem for a few days now. DNS all looks OK but can not
longer OWA via IE in the office but can when using the server name or
IP/owa. Also cannot RDP the TS Server except by IP. And also file transfers
between the DMZ to LAN are very slow running at 40 KB/S on a 100 MB network,
Lan to DMZ / Wan OK NSLookup resolves quickly.

Has anyone any idea as to what / where to check.

Many thanks
Nig

Forgot to mention that we have a Win 2003 domain with Exchange 2007 win2003
TS Server
"nigel" <> wrote in message
news:%...
> Many thanks in advance
> Have a strange problem for a few days now. DNS all looks OK but can not
> longer OWA via IE in the office but can when using the server name or
> IP/owa. Also cannot RDP the TS Server except by IP. And also file
> transfers between the DMZ to LAN are very slow running at 40 KB/S on a 100
> MB network, Lan to DMZ / Wan OK NSLookup resolves quickly.
>
> Has anyone any idea as to what / where to check.
>
> Many thanks
> Nig
>

Hi Nig,

If you can run this:

nslookup OWASiteName

e.g. nslookup webmail.domain.com

Then DNS is free from blame.

Do you use a Proxy Server at all? Anything that may prevent IE
connecting to or resolving the name for the site.

Depending on configuration the (presumed) proxy server may be allowing
direct access if only a single label name is used or if a local IP is used.

Chris

nigel wrote:
> Many thanks in advance
> Have a strange problem for a few days now. DNS all looks OK but can not
> longer OWA via IE in the office but can when using the server name or
> IP/owa. Also cannot RDP the TS Server except by IP. And also file transfers
> between the DMZ to LAN are very slow running at 40 KB/S on a 100 MB network,
> Lan to DMZ / Wan OK NSLookup resolves quickly.
>
> Has anyone any idea as to what / where to check.
>
> Many thanks
> Nig
>
>

"nigel" <> wrote in message news:%...
> Many thanks in advance
> Have a strange problem for a few days now. DNS all looks OK but can not
> longer OWA via IE in the office but can when using the server name or
> IP/owa. Also cannot RDP the TS Server except by IP. And also file transfers
> between the DMZ to LAN are very slow running at 40 KB/S on a 100 MB network,
> Lan to DMZ / Wan OK NSLookup resolves quickly.
>
> Has anyone any idea as to what / where to check.
>
> Many thanks
> Nig
>
>


We'll need more information in order to provide a specific response.

If you have a perimeter (DMZ), what type of router do you have?
Is your internal private AD DNS domain name the same as your external public name?
Chris mentioned you may possibly have a Proxy/ISA. Do you?
Are all internal machines ONLY using the internal DNS in their IP properties? (This means no external, ISP or router as a DNS address).
Is the DC multihomed?
Is RRAS installed on the DC?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Messaging, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

Many thanks for your responses.
Here are the answers hopefully to your questions. O'h i did the DNS test as
in the other post - All OK


Our Router / Firewall is a SonicWall Pro 4060 unit. This has the DMZ of 4
virtual ports X1 - X4 (fisical cable ports). We have 5 IP addresses one ofe
the Sonicwall, which routes our internal lan and 4 other external IPs for
web servers that are in the DMZ.
N0, domain name is .local
No Proxy/ISA
Internal DNS. External DNS is on the Sonicwall Pro unit as is the gateway
(sonwall ip)
Single Domian
No RRAS

Regards
Nig

"Ace Fekay [MCT]" <> wrote in message
news:%23$iqTJ%...
"nigel" <> wrote in message
news:%...
> Many thanks in advance
> Have a strange problem for a few days now. DNS all looks OK but can not
> longer OWA via IE in the office but can when using the server name or
> IP/owa. Also cannot RDP the TS Server except by IP. And also file
> transfers
> between the DMZ to LAN are very slow running at 40 KB/S on a 100 MB
> network,
> Lan to DMZ / Wan OK NSLookup resolves quickly.
>
> Has anyone any idea as to what / where to check.
>
> Many thanks
> Nig
>
>
We'll need more information in order to provide a specific response.

If you have a perimeter (DMZ), what type of router do you have?
Is your internal private AD DNS domain name the same as your external public
name?
Chris mentioned you may possibly have a Proxy/ISA. Do you?
Are all internal machines ONLY using the internal DNS in their IP
properties? (This means no external, ISP or router as a DNS address).
Is the DC multihomed?
Is RRAS installed on the DC?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Messaging, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

When you run "nslookup webmail.whatever.com" which IP address do you get
back? I'm assuming you get a public IP address?

If you do get a public you may find that you simply cannot route traffic
to that. There are a number of work-arounds for this, the DNS based
work-around is to add a Forward Lookup Zone to give you the Private IP
Address of the host instead.

My preferred method would be:

1. Open the DNS Console
2. Create a Forward Lookup Zone (Primary, AD Integrated) called
"webmail.whatever.com"
3. Disable Dynamic Updates for this zone
4. Create a new Host (A) Record. Leave the name blank and pop in the
Private IP Address of the server

Using this method means you do not have to worry about resolving other
names under "whatever.com" while still allowing you to resolve your own
version of webmail.whatever.com.

Chris

Chris,
When I nslookup our mail.domain.com I get back the outside IP address
and the next line gives me the IP address of out exchange server. Is this
correct or should I still try the work around

Many thanks
Nigel
"Chris Dent" <> wrote in message
news:...
>
> When you run "nslookup webmail.whatever.com" which IP address do you get
> back? I'm assuming you get a public IP address?
>
> If you do get a public you may find that you simply cannot route traffic
> to that. There are a number of work-arounds for this, the DNS based
> work-around is to add a Forward Lookup Zone to give you the Private IP
> Address of the host instead.
>
> My preferred method would be:
>
> 1. Open the DNS Console
> 2. Create a Forward Lookup Zone (Primary, AD Integrated) called
> "webmail.whatever.com"
> 3. Disable Dynamic Updates for this zone
> 4. Create a new Host (A) Record. Leave the name blank and pop in the
> Private IP Address of the server
>
> Using this method means you do not have to worry about resolving other
> names under "whatever.com" while still allowing you to resolve your own
> version of webmail.whatever.com.
>
> Chris

"nigel" <> wrote in message
news:...
> Chris,
> When I nslookup our mail.domain.com I get back the outside IP address
> and the next line gives me the IP address of out exchange server. Is this
> correct or should I still try the work around
>

When running nslookup, what DNS server is it showing that it is querying? It
will be the first thing you see when you run nslookup.

If it is your inside DNS server, simply go the DNS server, and change the IP
to the internal private IP.

If it is an outside DNS server (such as your ISP, some other external DNS,
or the router's IP being used as a DNS), then it tells me you have your
internal machines DNS settings misconfigured to use something else other
than ONLY the internal DNS servers.

Ace